Error “You have attempted to access a restricted URL” when publishing Citrix XenApp with UAG

I used UAG to publish Citrix XenApp as Browser embedded application. Once the application was set up and the UAG configuration was activated, I tried to connect to the published application from a client computer. The SSL Application Tunneling appeared on the screen and right after that, I got an error message “You have attempted to access a restricted URL”.
The Application event log on the UAG reported Event ID 67 from Source Microsoft Forefront UAG: “A request from source IP address x.x.x.x on trunk {TRUNKNAME} for application Citrix XenApp of type CitrixXenApp5 failed. The URL /CTXFOO contains an illegal path. The rule applied is Default rule. The method is GET”
The information from the Application event log was a good hint that something is wrong with the URL Set of the trunk. Therefore, I verified the URL Set in the advanced trunk configuration and noticed that it contains 54 static rules expecting “/citrix” at the beginning of the path. In my case, Citrix was configured to use “/ctxfoo” instead. I added two rules to the URL Set to allow “/ctxfoo” and “/ctxfoo/.*”. After activating the configuration again, everything worked as expected.
Note: UAG RTM has important information is the release notes and known issues about the Citrix publishing. See the Publishing and authentication section at bullet point Client endpoints might not be able to access Citrix XenApp published via Forefront UAG.
This entry was posted in Citrix, XenApp. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s